Thales Blog

Data Security Earns Its Seat At The Table As A Board Level Issue; Mitigating Security Threats For Retail And Financial Services

February 24, 2015

Tina Stewart Tina Stewart | VP, Global Market Strategy More About This Author >

Financial Services RBIt’s no surprise that every company’s data is vulnerable to hackers. As a result, implementing strong data security practices should be an obvious priority for enterprises. According to our 2015 Insider Threat Report, data breach protection has replaced meeting compliance standards as the number one security priority for companies. Organizations are going in the right direction with over 40 percent reporting that they have experienced a data breach in the past year, this reprioritization couldn’t come at a better time.

<ClickToTweet>Retail & Financial Services Insider Threats - from @socialTIS #DefenderOfData @Vormetric

Today we released our retail and financial services Insider Threat Research Briefs, and given the past year’s successful retail and financial cyberattacks – a number of which dealt a financial, legal and reputational blow to high profile companies – this data could not come at a better time. 97 percent of U.S. financial service respondents reported being somewhat or more vulnerable to insider threats. Constructing and instituting a solid security plan should be at the forefront of enterprise concerns, this statement holds true with 41 percent that encountered a data breach or failed a compliance audit in the past 12 months. Disgruntled employees, foreign terrorists and compromised employee accounts, just to name a few, have all become major concerns for organizations, particularly within the financial sector. In financial services, the top three IT security spending priorities are preventing a data breach incident (57 percent), protecting finances and other assets (43 percent), and fulfilling compliance requirements and passing audits (39 percent).

Find the Financial Services infographic based on the results here for a quick and informative look at more results.

As part of the financial report, we partnered with FS-ISAC who says it best:


"As part of its mission to provide cyber and physical threat intelligence, analysis and sharing, FS-ISAC also partners with respected thought leaders to pro-actively deliver compelling research and trend reports," said Eric Guerrino with the FS-ISAC. "The topic of insider threats has long been an area of focus and concern. Cyber threats that compromise insider credentials and traditional insider risks have played a part in many of the recent data breaches around the world. This report highlights how organizations are recognizing the need to protect data from this threat, and provides relevant information that can be immediately useful to our members and to the financial sector overall."

Retail RBRetailers have fared slightly worse than financial institutions, with 48 percent of U.S. retail respondents having experienced a data breach or failed a compliance audit in the last 12 months. Retailers handle millions of credit cards daily and have thousands of touch points. Many retail data breaches have compromised privileged user accounts, providing access to the retailer’s network. In fact, there has been a three-fold increase in planned IT spending for data breach prevention from 2013 to 2015. For retailers, security priorities include preventing a data breach (63 percent), protecting critical IP (37 percent) and protecting finance and other assets (36 percent).

To see a quick summary of important Retail vertical results, see the infographic found here.

Today’s security threats demand more than just meeting compliance standards, organization’s reputation and brand image are also on the line. As if a data breach wasn’t devastating enough, let’s add civil lawsuits as well as government investigations and shareholder scorn. As we’ve seen, high profile data breaches can also force top executives to resign, as such was the case with Target and Sony. It is in everyone’s best interest to rectify theirsecurity strategy, keep sensitive information private and ultimately avoid legal recourse.

As companies are evolving their security strategies, when empowered the right tools, they can make the best choices to protect sensitive data. Deploy a layered defense that combines traditional IT security solutions with advanced data protection techniques. Prioritizing the protection of data at the source is also important, and for most organizations, this involves protecting a mix of on premise databases and servers, newer big data implementations and remote cloud resources. Leveraging a range of data-centric security techniques that protect where the data is stored, and that can move with the data is also crucial.  Using data encryption, tokenization, data masking and other techniques that de-identify data, control data access, and increase data access visibility will keep sensitive information safe.

Protecting sensitive information is more important than ever, especially given all that are vying to exploit data. By using the latest techniques and practices to create a solid and sophisticated protection plan for your retail or financial services company, enterprises can sufficiently keep their data out of harm’s way.